CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-37036
https://notcve.org/view.php?id=CVE-2021-37036
23 Nov 2021 — There is an information leakage vulnerability in FusionCompute 6.5.1, eCNS280_TD V100R005C00 and V100R005C10. Due to the improperly storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause the information leak. Se presenta una vulnerabilidad de filtrado de información en FusionCompute versiones 6.5.1, eCNS280_TD V100R005C00 y V100R005C10. Debido al almacenamiento inapropiado de información específica en el archiv... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210818-01-informationleak-en • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-22396
https://notcve.org/view.php?id=CVE-2021-22396
02 Aug 2021 — There is a privilege escalation vulnerability in some Huawei products. Due to improper privilege management, a local attacker with common privilege may access some specific files in the affected products. Successful exploit will cause privilege escalation.Affected product versions include:eCNS280_TD V100R005C00,V100R005C10;eSE620X vESS V100R001C10SPC200,V100R001C20SPC200. Se presenta una vulnerabilidad de escalada de privilegios en algunos productos de Huawei. Debido a una inapropiada administración de priv... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210714-01-privilege-en • CWE-269: Improper Privilege Management •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2021-22338
https://notcve.org/view.php?id=CVE-2021-22338
29 Jun 2021 — There is an XXE injection vulnerability in eCNS280 V100R005C00 and V100R005C10. A module does not perform the strict operation to the input XML message. Attacker can send specific message to exploit this vulnerability, leading to the module denial of service. Se presenta una vulnerabilidad de inyección de tipo XXE en eCNS280 V100R005C00 y V100R005C10. Un módulo no lleva a cabo la operación estricta de un mensaje XML de entrada. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210421-01-cgp-en • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2021-22378
https://notcve.org/view.php?id=CVE-2021-22378
22 Jun 2021 — There is a race condition vulnerability in eCNS280_TD V100R005C00 and V100R005C10. There is a timing window exists in which the database can be operated by another thread that is operating concurrently. Successful exploit may cause the affected device abnormal. Se presenta una vulnerabilidad de condición de carrera en eCNS280_TD V100R005C00 y V100R005C10. Se presenta una ventana de servicios en la que la base de datos puede ser operada por otro hilo que esté operando concurrentemente. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210602-01-cgp-en • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-22361
https://notcve.org/view.php?id=CVE-2021-22361
22 Jun 2021 — There is an improper authorization vulnerability in eCNS280 V100R005C00, V100R005C10 and eSE620X vESS V100R001C10SPC200, V100R001C20SPC200. A file access is not authorized correctly. Attacker with low access may launch privilege escalation in a specific scenario. This may compromise the normal service. Se presenta una vulnerabilidad de autorización inapropiada en eCNS280 V100R005C00, V100R005C10 y eSE620X vESS V100R001C10SPC200, V100R001C20SPC200. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210519-02-cgp-en •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-22292
https://notcve.org/view.php?id=CVE-2021-22292
06 Feb 2021 — There is a denial of service (DoS) vulnerability in eCNS280 versions V100R005C00, V100R005C10. Due to a design defect, remote unauthorized attackers send a large number of specific messages to affected devices, causing system resource exhaustion and web application DoS. Se presenta una vulnerabilidad de denegación de servicio (DoS) en eCNS280 versiones V100R005C00, V100R005C10. Debido a un defecto de diseño, atacantes remotos no autorizados envían una gran cantidad de mensajes específicos a unos dispos... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-02-dos-en •
CVSS: 4.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-22300
https://notcve.org/view.php?id=CVE-2021-22300
06 Feb 2021 — There is an information leak vulnerability in eCNS280_TD versions V100R005C00 and V100R005C10. A command does not have timeout exit mechanism. Temporary file contains sensitive information. This allows attackers to obtain information by inter-process access that requires other methods. Se presenta una vulnerabilidad de filtrado de información en eCNS280_TD versiones V100R005C00 y V100R005C10. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-01-cgp-en • CWE-312: Cleartext Storage of Sensitive Information •